Slashdot Mirror

← Back to Stories (view on slashdot.org)

800 Break-ins at Dept. of Homeland Security

Posted by CmdrTaco on from the well-i-feel-safer-already dept.

WrongSizeGlass writes "Yahoo is reporting about the computer security nightmare going on at the Department of Homeland Security. Senior DHS officials admitted to Congress that over a two year period there were 800 hacker break-ins, virus outbreaks and in one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. I guess it's true what they say ... a mechanic's car is always the last to get fixed."

12 of 276 comments (clear)

  1. I'll only say... by damn_registrars · · Score: 5, Insightful
    That ending line is far too kind.

    "a mechanic's car is always the last to get fixed" Assumes that the DHS is somehow competent to fix anything at all.
    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:I'll only say... by Intron · · Score: 5, Insightful

      Never mind competent. What exactly do they do? I can understand the purpose of the FBI, CIA, NSA, Treasury, FDA, FAA and SEC in law enforcement. What does DHS do that isn't covered already? The only thing I can find is publishing the threat level (currently Yellow = Run and Hide, except the airline industry is at Orange = Don't Bring Juice). Does anyone pay attention to that?

      Do we really need a whole beurocracy to make the various departments share information and cooperate with each other? Aren't they run by grownups?

      --
      Intron: the portion of DNA which expresses nothing useful.
    2. Re:I'll only say... by statusbar · · Score: 4, Insightful

      Homeland Security = Homeland Insecurity

      What they DO is they bring insecurity to every sector of government and society that they touch, in the name of "Security"

      It is all about optics... It doesn't matter that their computers are insecure... obviously the problem is that the fact that their computers are insecure should be a top-secret fact. It is not something that they feel needs to be fixed. They are only there for the illusion.

      --jeffk++

      --
      ipv6 is my vpn
    3. Re:I'll only say... by hachete · · Score: 4, Insightful

      At times of great political crisis for the Republican Party, the threat level goes up.

      Troll or humour, I don't know meself.

      --
      Patriotism is a virtue of the vicious
  2. Big assumption by Tony · · Score: 5, Insightful

    I guess it's true what they say ... a mechanic's car is always the last to get fixed.

    That's very true.

    Especially when the mechanic is incompetent, and more interested in throwing around political weight than actually trying to accomplish anything useful.

    --
    Microsoft is to software what Budweiser is to beer.
  3. One thing is for sure. by AltGrendel · · Score: 5, Insightful

    The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

    1. Re:One thing is for sure. by Guppy06 · · Score: 4, Insightful

      "The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere."

      And even if the pay was the same, there's still the many months and ungodly amount of paperwork involved in trying to get a government job. Are you going to go for the offering that's available next month or next year?

    2. Re:One thing is for sure. by jofny · · Score: 4, Insightful

      And lo! Slashdot accidentally discovers the reason for the lucrative concept of "government contracting". Of course the government cant compete with pay - they also cant hire or fire in any reasonable manner, so most of the staff consists of long term contractors...which partially negates the "blame X on government employee salaries" habit in a lot of these conversations.

  4. 800 is a lot compared to who? by jofny · · Score: 5, Insightful

    Point 1: Considering the complete inability of standard technical solutions to security problems to prevent a significant number of attacks/infections from being successful, this is not like the mechanics car getting fixed last. It's called "the security industry and standard methodologies continue their long history of consistent failure at organizations, both public and private"

    Point 2: Those numbers are a completely meaningless abstraction without tying them back to type of attack, actual damage, importance of the data on those systems or their roles in launching further attacks, what kind of infections occurred and their damage potential, and finally what those numbers look like compared to other orgs of the same size.

    Point 3: Homeland Security is comprised of multiple mostly-independant sub orgs (like Coast Guard, TSA, etc)....so..saying DHS had so many attacks is misleading without clarification

    Point 4: Not saying theyre not making mistakes, just that those "facts" dont tell you either way what the actual state of things is.

  5. Re:Homeland Security != Information Security by eln · · Score: 5, Insightful

    DHS was created in response to the 9/11 attacks as a purely political move to make it look like we were serious about fighting terrorism. It created a huge bureaucracy, gave it an impossibly broad mandate, and made it more difficult for existing agencies (that were moved under DHS because they were at least tangentially related to protecting the country against various things) to do their jobs. As a result, the government is far less capable of intelligently defending against attack than it was before. It is only capable of wildly overreacting to perceived threats (like someone slipping through airport security with 4 ounces of hand soap rather than the mandated maximum of 3), again so it can appear as if it is on top of things.

    DHS was a bad idea that was implemented poorly out of a panicked need to do *something* following the attacks.

  6. My computer is always the FIRST to get fixed. by khasim · · Score: 5, Insightful

    Gotta agree with that. If they were competent, they'd have their own house in order.

    Just as anyone here who's competent with a computer has their systems up-to-date and tuned.

  7. FUD Article by Evil+W1zard · · Score: 4, Insightful

    Ok so here is the deal. DHS' network is a mesh of multiple other networks that were already in existence. This is problematic in itself as it involves a heavy amount of integration and also borders upon borders of perimeter security (each disparate agency is part of the whole but may have its own controlled interfaces for some level of separation...

    Now lets go to the article. To the laymen you say 800 compromises and they go into "WOW THAT IS SO BAD" mode, but seriously come on. The compromises are mostly workstations. Now that doesn't mean they get a free pass, but its not like they have had their core servers owned by foreign states... What they should be doing is not only scanning apps, DBs, and servers and patching/hardening them appropriately, but also client-side firewalling, config control of workstations, baseline security mechanisms for remote users, centralized virus/vulnerability patching... This article does not surprise me what-so-ever and it really is not an indication that DHS security is horrible. Its not the best, but 800 is not that bad.

    --
    News Reporters Make Tasty Polar Bear Treats!